Speaker: Graham Williamson
Gonna take a couple of minutes to talk about the experience to date. Then look at some IOT configurations and, more importantly, focus on some IOT security at the end. I wanna have a little call to action because I think it's important that we all learn from our experience at DIC and go back to our organizations charged. My experience is that in many cases we are not properly identifying when an IOT hack has happened.
So people, for instance, tell me that Colonial Pipeline was an IOT hack. It wasn't. It was a VPN account that had been left active, no longer used, but still active, that was used for that. The Florida water treatment plant earlier this year, where fortunately the operator noticed the SCADA diagram being remotely used: that was the result of remote access software being on a critical piece of a critical system for managing the water treatment plant. So again, this is standard IT stuff that we should be better at.
You'll probably all remember the Philips lens situation. That's possibly an IOT hack, because they did use a problem with Zigbee in terms of getting access to the hub and then being able to get onto the network. There was, of course, the Mirai DDoS attack about three, four years ago.
Again, that was a Telnet port on devices that was still active. Most of them were cameras, but it was a pretty basic sort of attack.
But, you know, we could classify them as IOT, but to my mind, we've not actually seen any direct attack on an IOT device. I wanted to, just from a theory point of view, go through three stages of IOT development. When I started in this business 30 years ago, basically, an OT environment had five components. It had a remote terminal unit with devices. It had a field bus that connected the devices back to a controller.
It had a network; the company, the organization, would have a network that connected through to a supervisory system that did the data acquisition and data storage. It's useful even today to think of those five different components and see what they mean to our IOT security today. The controller, field bus and devices have been integrated. In most situations, you buy a device that you just plug into your communications network and all of the code is in the device. You can program it (come back to that in a minute), but there are still those five components.
Increasingly we are moving to the situation, then, where we take our device and plug it directly into a network, and then at some remote point do a supervisory activity, and we have to consider the security at each of those points. We are rapidly going into a situation where we are using IOT platforms. It could be in cloud infrastructure. I'm amazed that all of the telcos are now providing IOT platforms.
Has it, as Azure has it, Google has it, even ThingWorx and Sigfox; they're now selling an IOT cloud or platform. They have a platform that you can either run on premise or in a cloud infrastructure. Even Salesforce has an IOT cloud now.
So it's becoming the future way of going. And what we need to start thinking about is, number one, how do we protect that hardware? It's plug and play: you get it, you plug it in and away it goes. How do we protect that? And the software development side of things: how do we properly containerize our code?
And I'm very pleased to see that in the IOT platform space, we're taking a software development lifecycle approach where we have a test environment. We have, well, first a dev environment, then the test environment, and then prod, and we have a proper release sequence. Typically in the OT field, we've not had that before; the OT people will go off and secretly do whatever they wanted to do. What we're seeing now is more of a managed approach to that software development. We've got some very good communications capabilities.
Now, the Constrained Application Protocol is one that is coming to the fore. It's UDP-based communications. So it means we can use TLS and we can lock it down that way, but it's a light protocol. And it's ideal for battery-operated devices. MQTT is still probably the most widely used protocol, in my opinion.
Again, you can choose what level of security you want to apply there. The big thing, though, about the IOT platform is the analytics that it's providing us. We have significant capabilities in real-time artificial intelligence and in predictive maintenance issues and things like that, that we can now do because of that capability. Okay. Three slides, then. First is devices. What do we need to do there in terms of our cybersecurity? We need to make sure that we have digital access control.
If we can use the IDP service that we use on the IT side, it's ideal. If we can use multifactor authentication, that's ideal in protecting that digital infrastructure, to make sure it's only approved users that get access to it. The physical: if you've got a control room, again, tie that into the same IDP service, so that makes it easier for the user. Our maintenance is the big issue here. How are we going to do that? We need some governance over how we are going to do the maintenance. In some cases it is a hardware-only device; we're not allowed to do any updates.
If we are allowed to do updates, if we are gonna go in and even modify the firmware from time to time to take advantage of bug fixes and things like that, we've gotta have a process where we control that. We know who's doing it, how they're doing it. We know there's a hash associated with code so that we have complete control over that. I just want to mention one use case that I'm particularly fond of, that I recently was reading about. It was done in two different countries. They had a large solar panel array attached to the grid. So it was real life.
And they extended the capabilities of the photo cells to include a measurement of the solar irradiance. The type of solar power you are getting varies depending on time of day, obviously, and depending upon the season.
And that's important information. Then there's the temperature, humidity and wind speed. So in the future, we can see more embedded devices are coming our way. My solar panels on my house pretty much just connect to the solar panel device, the solar regulator. In the future, we are going to see much more capable solar panels that do a lot more for us. Controllers, in the control space. In the past, we've had PLCs that we had out on the premises, close to the actuators and the sensors.
We need to make sure those PLCs now are properly managed. They're becoming very high-end compute devices. No longer do you have to have a specialist to understand the programming language for that particular device. A lot of them are open source now and high-level programming languages. So we need to make sure we take advantage of the capabilities there. A PLC should always be in run mode.
If it goes out of run mode, we need to add an alert for controllers. And now we're talking the PCs, those computer systems that are integrating with our devices. If possible, include them with the organization's security operations center for the event management activity that you have on the IT side, and extend that into the OT area. As we mentioned before, OT cloud platforms are really improving our capabilities. The use case here is traffic signal controllers.
I mean, they're typically PLCs. They sit close to the intersection that they're managing and they look at in-road sensors, the pedestrian controls, that type of thing.
They vary the cycle times depending upon the time of day and traffic speed, but they're pretty dumb other than that. In the future, as I'm approaching the intersection with my BMW and I turn on my left turn signal, I want the traffic signal to recognize that and give me a left turn filter. That plays into the whole IOT platform space. It gives us the capability of having a single code base looking after all of the traffic control systems in our city. The third area, then, is communications.
If there's any area where there's more changes happening, it's in the communication space. Okay. 5G has taken over and is going to be very important to us going forward. The prime reason for that is the flexibility of your 5G services: vendors can now sell you as much or as little as you want, and you only have to pay for data. So you no longer have to buy a circuit and then stick a SIM card in and do that type of activity. In terms of the cybersecurity, though, it does mean that we need to get a little bit more sophisticated.
We need to know what's happening in our 5G core. So for instance, if we've got a factory where we have a private 5G installation, we should be asking the vendor questions about the various functions within the 5G core and how the authentication function, for instance, is set up and what it's allowing to happen. The use case in this space is one that I came across a few years ago. Soia tree plantation in Southeast Asia, huge, huge plantations, four times the size of Singapore. And they put sensors around the plantation to manage nutrients and water levels.
They then used drone photographs that they did periodically and fed that into a video analysis system that was able to determine whether there was insect infestation or whether there was a nutrient deficiency. And one of the big benefits from this system that they put in was the ability to manage their production. In the past, they would shut the mill down when they ran out of wood. Since the system had gone in, they had not had one stoppage. It's very expensive to shut down a mill and restart it.
So the IOT system in this space was really benefiting them in terms of saving a lot of money. In terms of the next steps, then, what I'd like you all to do is to think through what your organization might do in terms of taking advantage of the significant increase in functionality we've seen over the last few years, the significant decrease in the cost of devices that we've seen over the last 10, 15 years. Things that we couldn't do before are now possible. And we need to think through what that is now. One person doesn't know all of that.
The important thing now is to go back to your organizations, get together in a room the people that do understand the sort of things that could happen, and go through a workshop to figure that out. I like the green light, red light approach. So, the green light: for the first 15 minutes of the workshop, people can say anything
they like, regardless of how silly it sounds; it gets written up on the whiteboard. Then you go into a red light session where you go through each of those suggestions and decide: can you do it? Do you have the capability to do it?
What you'll find is that the good ones will percolate up to the top, the silly ones will percolate down to the bottom, and you'll be left with four or five really good ideas of how you produce your IOT environment. You need to then plan it, obviously.
And again, I see a lot of OT deployments happening in secret: "Yeah, let's just do this and see how it works." You need to broadcast what you're doing, see what other stakeholders there might be in the organization, and approach this from a project point of view. Then of course you do your deployment, and please celebrate your successes. That's all I wanted to go over here. If there's any questions, we do have a couple of minutes left, I believe.